Nexus Mods Possibly Hacked, Fallout 4 Mods Altered

Happy bloody Christmas. We should probably take this as a reminder to go and change our passwords on everything, and make sure no two sites or services have the same login, I guess. At the very least, we need new passwords for Nexus Mods, the site which has long hosted a gazillion mods for 216 games, particularly Bethesda RPGs – including Fallout 4, which has not yet followed Skyrim to the Steam Workshop. There’s been a possible hack, with some Fallout 4 mod-makers reporting suspicious changes having been made to their uploaded files. Nexus’ owners have established that the breach only affects user registrations up until mid-2013, although that still comprises almost six million accounts and very much covers the Skyrim heyday.

Bear in mind you may well have used Nexus at some point even if you don’t play Bethesda games – it also hosts mods for the likes of The Witcher 3, Mount and Blade, World of Tanks, Starbound, XCOM, Far Cry 3 and hundreds of others. It’s not at all impossible than you’re one of its ten million registered users even if you don’t entirely remember being so.

The authors of the Higher Settlement Budget, Rename Dogmeat, and BetterBuild mods say someone other than them made changes to the versions of their mods hosted on Nexus, while site representative DarkOne brought the news of a “potential database breach.”

He says “it’s too ambiguous to draw any concrete conclusion”, but is nonetheless advising that everyone changes their Nexus password ASAP. Whoever’s responsible for the breach has access to user IDs, usernames, email addresses for registrations prior to July 22, 2013. Passwords are encrypted – hashed and salted – though it’s not impossible that that could be broken in time. The better news is that Premium member’s payment details aren’t kept anywhere, as they outsource all that to Paypal.

In an update, Nexus clarified that you should be safe if you either registered after July 22, 2013 or changed your password subsequent to that – but change it again anyway. As for the three affected mods (if others are compromised we don’t know about it yet), apparently their creators used very simple passwords, and this appears to be how the hackers found their way in and added the suspicious “dsound.dll” file to it. They don’t know what the file does as yet, but it has been sent off for analysis.

The site’s also rushing to implement more rigorous monitoring and two-step security for the future. They’re very apologetic about this, repeat that they don’t know for sure a hack’s happened but want to be on the safe side, and point out that they spend some $60,000 a year on security so aren’t cavalier about this stuff.

More details here, but all you really want is this link, which is where you can change your password.

Once your account is all fine and dandy, you might want to use it to lay hands on some of the Fallout 4 mods we recommended here.